iOS 12.4.0 jailbrok...
 
Notifications
Clear all

iOS 12.4.0 jailbroken traces BlackBag

7 Posts
4 Users
0 Likes
975 Views
(@tinybrain)
Posts: 354
Reputable Member
Topic starter
 

Is it possible to find jailbroken traces of iOS 12.4.0 by a BlackBag tool in an iPhone XR? We not used BlackBag before.

 
Posted : 15/02/2019 3:44 am
passcodeunlock
(@passcodeunlock)
Posts: 792
Prominent Member
 

If the device is still jailbroken, yes.

If it was reset to factory reset or firmware flashed, then no.

If it was just a sideload jailbrake, it is gone after reboot.

Please reformulate your question, maybe somebody might be able to help you )

 
Posted : 15/02/2019 10:04 am
(@v-katalov)
Posts: 52
Trusted Member
 

First, there is no iOS 12.4 version; the latest is 12.1.4 (plus 11.2 beta 1/2).

Second, not sure what do you mean mean by jailbreaking in this context. There are known vulnerabilities for versions up to 12.1.2, plus some (not available to public) exploits for 12.1.3. Right now there are two jailbreaks unc0ver and rootlessJB, but first, they work on versions up to 12.1.2, and second, the do not support iPhone Xr yet.

Finally, as far as I know, BlackBag do not have their own tool for jailbreaking (or even file system acquisition) – they rely on GrayKey extractions. In the meantime, GrayShift do not disclosure what modifications to the file system are being done (in theory, some traces are left, but to find them you will have to jailbreak or GrayKey tool again).

 
Posted : 15/02/2019 11:30 am
(@tinybrain)
Posts: 354
Reputable Member
Topic starter
 

ok, got it - my mistake iOS 12.1.4 (16D57), sorry

Its not about jailbreaking its about finding traces that the device was jailbroken. The info about sidechannel is fine. The question came up as we gave a device to Cellebrite Advanced Unlocking Services and wanted to know if they during unlocking had jailbreaking in use.

 
Posted : 15/02/2019 11:35 am
(@shahartal)
Posts: 27
Eminent Member
 

The term 'jailbreak' is actually fairly non-standard as it can mean different things.
When most people talk about a jailbreak, they talk about a public tool that removes or reduces restrictions placed by iOS. This usually installs software to the device in a detectable way.
Cellebrite uses a forensic process that avoids to any extent possible modification of the file system, and thus should not be recognizeable in post extraction analysis.

 
Posted : 15/02/2019 1:44 pm
passcodeunlock
(@passcodeunlock)
Posts: 792
Prominent Member
 

@tinybrain

If it was just a sideload jailbrake, it is gone after reboot.

Whenever you got a CAS related question, the best is to ask Cellebrite, no ?! )

If the purpose of your post was to find out how CAS did the task, the answer is "Good question?!" or even better "Wizardry." )

@shahartal

Thank you for clarifying this, some of our customers asked this question as well before…

 
Posted : 15/02/2019 2:17 pm
(@tinybrain)
Posts: 354
Reputable Member
Topic starter
 

Shahar, toda raba

 
Posted : 16/02/2019 10:22 pm
Share: